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DETAILED ACTION 

1. This action is in reply to amendment filed 29 March 2007. Claims 1,6,18,19,21- 
25 and first 33 have been amended. The second claim 33 and 34-36 have been 
cancelled. Claims 37-39 are newly added. Thus, Claims 1-33 and 37-39 remain 
pending. 

2. The Examiner acknowledges the amendments to claims 6 and 21 and further 
withdraws the previous objections. 

3. The Examiner acknowledges the amendment to claim 1 9 and further withdraws 
the previous 112 rejection. 

Response to Arguments 

4. Applicant's arguments pertaining to the 101 rejection of claims 18 and 33 have 
been fully considered but they are not persuasive. Generically, "computer-readable 
medium" makes statutory, functional descriptive material. However, the specification 
discusses that "computer-readable medium" pertains to a modulated data signal such 
as a carrier wave. Such mediums are considered intangible and according to Office 
guidelines are treated as non-statutory. The Examiner maintains his previous rejection. 

5. Applicant's arguments with respect to claims 1,19,21 and 37 do not comply with 
37 CFR 1 .1 1 1 (c) because they do not clearly point out the patentable novelty which he 
or she thinks the claims present in view of the state of the art disclosed by the 
references cited or the objections made. Further, they do not show how the 
amendments avoid such references or objections. Moreover, new rejections are cited 
below. 
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Claim Rejections • 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being incomplete 
for omitting essential steps, such omission amounting to a gap between the steps. See 
MPEP § 2172.01 . The omitted steps are: determining whether the request shall be 
supported and a step including the result of the request not being supported. As the 
claim currently reads, it appears that every request to establish connection is provided 
with an indication indicating that the request is supported. 

Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claims 18 and 33 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. See arguments above. 

Claim Rejections - 35 USC § 103 

8. Claim 1-6, 9-33 and 37-39 are rejected under 35 U.S.C. 102(e) as being 
unpatentable over Malcolm (US Patent 7146638) in view of Chakravarty (US PgPub 
2004/0128545). 

9. As per claim 1 , Malcolm discloses a computer-implemented method, comprising: 
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receiving a call from an application via a first application programming interface, 
the call having parameters for a connection to an endpoint that the application desires 
to establish (column 6 lines 41-51 and column 2 lines 54-62 which discusses a well- 
known feature of communicating via an API); 

receiving from the application via the first application programming interface a 
request to establish the connection (column 4 lines 6-1 1 see also Chakravarty [0028]); 

providing the application with an indication indicating that the request is 
supported (column 6 lines 12-20 wherein it is necessary that the application receives 
indication that it is supported); and 

making a call via a second application programming interface to a firewall to 
establish the connection in accordance with the parameters (column 7 lines 21-41). 

Malcolm doesn't specifically disclose a second application programming 
interface, the embodiment of Malcolm includes wherein the application requests directly 
to the firewall to establish a connection via the first interface used to establish the 
parameters. Chakravarty disclose a similar method, wherein an application requests via 
a firewall client module for a firewall to establish a connection in accordance with 
parameters previously dictated by the application (see [0029] -[0032]). It would have 
been obvious for one of ordinary skill in the art to modify Malcolm to include the firewall 
module for processing the requests on behalf of an application via a second API. 
Motivation for modifying Malcolm as discussed above would have been to simplify 
processes at the firewall by not requiring it to parse commands from every application 
' which may be in a different format as discussed by Chakravarty in [0039]. 
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1 0. As per claim 2, Malcolm discloses the method of claim 1 , further comprising, at 
the firewall, evaluating the parameters with respect to a policy and, if the parameters 
meet the policy, establishing the network connection in accordance with the parameters 
(column 7 lines 21-41 wherein the policy is the rule established at the firewall see also 
Chakravarty [0027]). 

11. As per claim 3, Malcolm discloses the method of claim. 1 , wherein the parameters 
comprise a known endpoint to which the application would like to be connected (column 
7 line 29). 

12. As per claim 4, Malcolm discloses the method of claim 3, but fails to specifically 
discuss wherein the parameters further comprise a request to limit the connection to a 
single connection. 

Chakravarty discloses a similar method to Malcolm wherein applications submit 
to a firewall specific parameters for enabling a connection through the firewall, wherein 
the parameters are directed specifically to protocol commands specific to the requesting 
application [0024] and [0027]. Chakravarty doesn't specifically disclose wherein the 
request limits the connection to a single connection, however, one of ordinary skill in the 
art would be well-aware that this is a specific requirement of HTTP protocol and thus 
may necessarily be included in Chakravarty. 

Chakravarty is analogous art because it is directed to a method of configuring a 
firewall to assist applications for establishing network communications. 
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It would have been obvious for one of ordinary skill in the art to modify Malcolm 
to include wherein a request parameter for the firewall would include a request to limit, 
the connection to a single connection. 

Motivation for one to modify Malcolm would be to include a method wherein an 
application that requires specific requirements may be able to dynamically configure the 
firewall to enable a communication through the firewall for many different protocols as 
discussed throughout Chakravarty specifically ( [0022] and [0031] lines 13 and 14). 

13. As per claim 5, Chakravarty discloses the method of claim 4, further comprising, 
after the connection has been established, closing the connection in accordance with 
the request. 

The Examiner asserts that one of ordinary skill would be advised as to the 
requirements for HTTP and would necessary close the connection according to the 
request. 

14. As per claim 6, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise a request for bandwidth or connection throttling for 
the connection. 

The Examiner points to the rejection of claim 4 wherein Chakravarty discloses 
communicating parameters directed to specific applications. The Examiner notes that it 
would be obvious for a parameter of an application be directed to request for bandwidth 
or connection throttling. These are specific requirements or enhancements of well- 
known applications specifically peer-to-peer applications as would be well known to one 
of ordinary skill in the art. Motivation applies as stated in the rejection to claim 4. 
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1 5. As per claim 9. Malcolm discloses the method of claim 1 , but does not include 
wherein the parameters comprise turning off or on specific protocol options. 

Chakravarty necessarily includes wherein the parameters may include turning on 
or off specific protocol options, considering as it is directly related for specifying protocol 
parameters related to the requesting application. Obviousness and motivation may be 
applied as discussed in the rejection to claim 4. 

16. As per claim 10, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise information about a property of a flow that requires 
special handling. 

Chakravarty discloses wherein the parameters comprise information about a 
property of a flow that requires special handling [0035]. 

Motivation to modify Malcolm to specify wherein the property of a flow requires 
special handling such as authorization or authentication would be such as to 
authenticate specific users for applications as is already commonly implemented in the 
art of firewalls and would be well-known to one of ordinary skill in the art. 

17. As per claim 1 1 , Malcolm discloses the method of claim 1 0, but does not disclose 
wherein the information comprises a request for authentication or encryption. 

Chakravarty does disclose wherein the information comprises a request for 
authentication or encryption (see rejection to claim 10). 

18. As per claim 12, Malcolm discloses the method of claim 1 , wherein the indication 
comprises opening a listening socket (column 7 lines 47-59). 
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19. As per claim 13. Malcolm discloses the method of claim 1, wherein the indication 
comprises connecting to a socket (column 7 lines 47-59). 

20. As per claim 14, Malcolm discloses the method of claim 1 , wherein the call to the 
firewall is made via a firewall application programming interface (see rejection to claim 
1). 

21 . As per claim 15, Malcolm discloses the method of claim 1 , wherein the firewall is 
located on a computer with the application (column 8 lines 62-64). 

22. As per claim 16, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the firewall comprises an edge firewall, and further comprising an agent to 
communicate information to the edge firewall about the connection. 

Chakravarty discloses wherein the firewall is an edge firewall and wherein the 
agent is the client firewall module (see fig. 4 #408 and 422). 

23. As per claim 17, Malcolm discloses the method of claim 1 , but does not 
specifically disclose wherein the firewall comprises an edge firewall, and further 
comprising an authenticated protocol to communicate information to the edge firewall 
about the connection. See Chakravarty fig 4 and [0040]. 

24. As per claim 18, Malcolm discloses a computer-readable medium having 
computer-executable instructions for performing the method recited in claim 1 (see 
claim 1 and column 5 lines 51-54). 

25. Claim 19 is rejected because it discloses similar subject matter to claim 1 
wherein the computer system elements are necessarily described in Malcolm and 



Application/Control Number: 10/603,648 Page 9 

Art Unit: 2132 

Chakravarty and further wherein Chakravarty explicitly describes the enforcement 
module.(fig.4#422). 

26. Claim 20 is rejected because it discloses similar subject matter to claim 1 , 
wherein in view of Chakravarty one may conclude the API discussed is a firewall API 
since it communicates with the firewall. 

27. As per claim 21 , Malcolm discloses a computer implemented method, 
comprising: 

Receiving a connect attempt, a listen attempt, or a combination thereof from an 
application or a service; 

Extracting user and application or service information from the connect attempt, 
the listen attempt, or the combination thereof; 

Identifying a user and the application or the service from the user and application 
or service information; 

Determining if the connect attempt, the listen attempt or the combination thereof 
need to a match a policy; 

If the connect attempt, the listen attempt or the combination thereof need to 
match the policy, establishing, via an application programming interface, the policy and 
adding the policy to a plurality of policies; 

Evaluating the application or service information to determine if the connect 
attempt, the listen attempt, of the combination thereof comply with one or more policies 
from the plurality of policies; and 
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If the connect attempt, the listen attempt or the combination thereof comply with 
one or more policies from the plurality of policies, configuring a firewall to allow the 
connection attempt, the listen attempt, or the combination thereof (column 7 lines 21- 
41). 

Malcolm doesn't explicitly discuss the steps of determining if the connect attempt 
needs to match a policy, however Malcolm doesn't require that the connection attempt 
match a policy, each application request may be granted or denied on a case by case 
basis (see column 6 lines 19-20), thus it is effectively determined by the user, if the 
connection attempt needs to match a policy. Also wherein enabling a connection 
request, necessarily requires configuring the firewall to allow the connection. 

28. As per claim 22, Malcolm discloses the method of claim 21 , further comprising if 
the connect attempt, the listen attempt, or the combination thereof do not comply with 
one or more policies from the plurality of policies, sending a notification to the user of 
the application or service (column 4 lines 53-56). 

29. As per claim 23, Malcolm discloses the method of claim 22, wherein the 
notification comprises a selection to allow the connection (column 4lines 53-59). 

30. As per claim 24, Malcolm discloses the method of claim 21 , wherein establishing 
the policies comprises receiving a policy from the application or service (column 4 lines 
38-47). 

31 . As per claim 25, Malcolm discloses the method of claim 24, wherein receiving 
policies comprises receiving policies via an application programming interface (see 
rejection to claim 1 ). 
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32. As per claim 26, Malcolm discloses the method of claim 24, wherein the policy 
received from the application or service comprises inbound or outbound restrictions 
using one or more Internet Protocol addresses, information about scope of the 
connection, or combinations thereof (column 4 line 49 wherein the destination address 
is necessarily an IP address in view of the discussion). 

33. Claim 27 is rejected because it discloses similar subject matter to claim 10. 

34. Claims 28 and 29 are rejected because they disclose subject matter similar to 
claim 11. 

35. Claim 30 is rejected because it discusses similar subject matter to claim 15. 

36. Claims 31 and 32 are rejected because they disclose similar subject matter to 
that as discussed in claims 16 and 17 respectively. 

37. Claim 33 is rejected because it discloses similar subject matter to claim 21 . 

38. Claim 37 is rejected because it discloses similar subject matter to claim 21 . 

39. As per claim 38, Malcolm discloses the computer system of claim 33, wherein the 
interception module comprises a policy cache for storing the policies (see fig. 3). 

40. Claim 39 is rejected because it discloses similar subject matter to claim 16. 

41. Claims 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Malcolm (US Patent 7146638) and further in view of Chakravarty (US PgPub 
2004/0128545) and the Applicant's disclosure as prior art. 

42. As per claim 7, Malcolm discloses the method of claim 1 , but does not disclose 
wherein the parameters comprise limiting the connection to a subset of interfaces, local 
addresses, or remote addresses, or combinations thereof. 
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The Examiner asserts a similar rejection to that as applied for claim 6, wherein 
Chakravarty discloses the parameters being specific to an application. The Examiner 
argues that it would be obvious for one of ordinary skill in the art to include wherein one 
of the parameters is specifically to limit the connection to a subset of address. Not only 
is this a common feature known for applications in the art, but also the Applicant admits 
this as a known feature in firewalls commonly used in the art ([004] lines 1-4). It would 
be obvious for one to include in a parameter sent directly from an application to include 
those that are already currently and commonly implemented in firewalls in the art. 
43. As per claim 8, Malcolm discloses the method of claim 1 , but does not include 
wherein the parameters comprise a timeout policy for the connection. 

The examiner asserts that a timeout policy is a well-known rule or parameter 
found in firewalls implemented in the art and thus would be an obvious enhancement of 
the current method as disclosed by Malcolm in view of Chakravarty. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon 8. Bludau whose telephone number is 571- 
272-3722. The examiner can normally be reached on Monday -Friday 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Infomnation regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status infomnation for unpublished applications Is available through Private PAIR only. 
For more infomriation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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